test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Moved release note for refs #23601 to 1.7.1.

This commit is contained in:
Tim Graham 2014-10-06 13:35:52 -04:00
parent 844ba211ce
commit 51165401be
2 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/releases/1.7.1.txt
View File

@ -91,3 +91,9 @@ Bugfixes
(:ticket:`23560`). (:ticket:`23560`).
* Fixed ``deepcopy`` on ``ErrorList`` (:ticket:`23594`). * Fixed ``deepcopy`` on ``ErrorList`` (:ticket:`23594`).
* Made the :mod:`~django.contrib.admindocs` view to browse view details check
if the view specified in the URL exists in the URLconf. Previously it was
possible to import arbitrary packages from the Python path. This was not
considered a security issue because ``admindocs`` is only accessible to staff
users (:ticket:`23601`).

8
docs/releases/1.8.txt
View File

@ -76,14 +76,6 @@ Minor features
<django.contrib.admin.ModelAdmin.show_full_result_count>` to control whether <django.contrib.admin.ModelAdmin.show_full_result_count>` to control whether
or not the full count of objects should be displayed on a filtered admin page. or not the full count of objects should be displayed on a filtered admin page.
:mod:`django.contrib.admindocs`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* The view to browse view details now checks if the view specified in the URL
exists in the URLconf. Previously it was possible to import arbitrary
packages from the Python path. This was not considered a security issue
because ``admindocs`` is only accessible to staff users.
:mod:`django.contrib.auth` :mod:`django.contrib.auth`
^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^